Re: S/WAN ISAKMP/Oakley testing...
"W. Douglas Maughan" <wdm@epoch.ncsc.mil> Fri, 08 November 1996 14:11 UTC
Received: from cnri by ietf.org id aa21492; 8 Nov 96 9:11 EST
Received: from portal.ex.tis.com by CNRI.Reston.VA.US id aa10596; 8 Nov 96 9:11 EST
Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id IAA12382 for ipsec-outgoing; Fri, 8 Nov 1996 08:47:56 -0500 (EST)
Date: Thu, 07 Nov 1996 17:57:10 -0500
From: "W. Douglas Maughan" <wdm@epoch.ncsc.mil>
Message-Id: <9611072257.AA10138@dolphin.ncsc.mil>
To: isakmp-oakley@cisco.com, ipsec@tis.com, rpereira@timestep.com
Subject: Re: S/WAN ISAKMP/Oakley testing...
Sender: owner-ipsec@ex.tis.com
Precedence: list
Roy,

> I'd like to talk about some of the 'magic' identifiers in ISAKMP. I'm
> talking about the values that aren't defined in v5 of the draft.
>
> - What transform ids are used for the ISAKMP proposal?
> - What ids are used for the ISAKMP proposal attributes "Group
>   Identifier", "Encryption Alg", "Hash Alg", and "Auth Alg"?
> - What is the format of a SA proposal TLV? Is the type and length 16
>   bits each? Or are they 8 bits each?
> - What is the ESP Proposal attribute "Cryptographic Synch" used for
>   and when?
> - How do we transform an 8-byte ISAKMP SPI to a 4-byte ESP/AH SPI?
> - The v5 ISAKMP draft states that the "Payload Length" in the SA
>   payload is "in 4-octet units", but this is incorrect and should be in
>   1-octet units.
> - For the Certificate Payload, there aren't any identifiers for the
>   Certificate Type and there is only one identifier for the Certificate
>   Authority.
> - What ISAKMP exchange identifiers are used for the Oakley exchange
>   modes?
> - What is the Notify message error "CONNECTED" used for?
> - What is the Notification Data? Its contents are not defined in the
>   Internet DOI.

As mentioned in an e-mail by Dan Harkins yesterday, there will be new
drafts for ISAKMP, ISAKMP-Oakley Resolution, and the IP Security DOI
early next week (i.e. Tues or Wed.). I think they will answer most, if
not all, of the above "attribute" questions.

Doug Maughan